---
AWSTemplateFormatVersion: 2010-09-09
######################################
## Stack Description
######################################
Description: >-
  This main template creates a VPC for deployment of HVR on AWS.
  **WARNING**
  This template creates EC2 instances and related resources. You will be billed
  for the AWS resources used if you create a stack from this template. (qs-1roo3sq66)
######################################
## Stack Metadata
######################################
Metadata:
  QuickStartDocumentation:
    EntrypointName: "Parameters for deploying into a new VPC"
    Order: 1
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: End-user license agreement (EULA) for HVR CDC
        Parameters:
          - AcceptedEULA
      - Label:
          default: "VPC network configuration"
        Parameters:
          - AvailabilityZones
          - VPCCIDR
          - PublicSubnet1CIDR
          - PublicSubnet2CIDR
          - PrivateSubnet1CIDR
          - PrivateSubnet2CIDR
          - RemoteAccessCIDR
      - Label:
          default: "HVR EC2 configuration"
        Parameters:
          - HVRInstanceTypeHUB
          - HVRInstanceTypeAgent
          - KeyName
      - Label:
          default: Tag identifiers
        Parameters:
          - TagEnvironment
      - Label:
          default: HVR license key (secret parameter ARN)
        Parameters:
          - HVRLicenseSecret
      - Label:
          default: HVR Aurora/PostgreSQL configuration
        Parameters:
          - EnablePGStack
          - DBAccessCIDR
          - PGInstanceClass
          - NotificationList
      - Label:
          default: AWS Quick Start configuration
        Parameters:
          - QSS3BucketRegion
          - QSS3BucketName
          - QSS3KeyPrefix
    ParameterLabels:
      AcceptedEULA:
        default: Accepted EULA
      AvailabilityZones:
        default: Availability Zones
      VPCCIDR:
        default: VPC CIDR
      PublicSubnet1CIDR:
        default: Public subnet 1 CIDR
      PublicSubnet2CIDR:
        default: Public subnet 2 CIDR
      PrivateSubnet1CIDR:
        default: Private subnet 1 CIDR
      PrivateSubnet2CIDR:
        default: Private subnet 2 CIDR
      RemoteAccessCIDR:
        default: Allowed CIDR to bastion host
      DBAccessCIDR:
        default: Allowed CIDR for database access
      HVRInstanceTypeHUB:
        default: EC2 instance type for HVR hub
      HVRInstanceTypeAgent:
        default: EC2 instance type for HVR agent
      KeyName:
        default: EC2 key pair name
      EnablePGStack:
        default: Enable Aurora/PostgreSQL stack
      NotificationList:
        default: Email address for Aurora/PostgreSQL notifications
      PGInstanceClass:
        default: Aurora/PostgreSQL instance class
      TagEnvironment:
        default: Environment tag
      QSS3BucketRegion:
        default: Quick Start S3 bucket Region
      QSS3BucketName:
        default: Quick Start S3 bucket name
      QSS3KeyPrefix:
        default: Quick Start S3 key prefix
      HVRLicenseSecret:
        default: HVR license key
  License: Apache-2.0
######################################
## Parameters
######################################
Parameters:
  AcceptedEULA:
    AllowedValues:
      - "yes"
      - "no"
    Default: "yes"
    Description: >-
      Read the HVR Software end-user license agreement (https://www.hvr-software.com/license-agreement/) carefully before using the software.
      The HVR stack can be created only after you accept the EULA. To accept the EULA from AWS Marketplace, see https://aws.amazon.com/marketplace/pp/B077YM8HPW.
    Type: String
  AvailabilityZones:
    Description: >-
      Availability Zones to use for the subnets in the VPC. Two
      Availability Zones are used for this deployment, and the logical order of
      your selections is preserved. To maximize efficiency, choose the same Availability Zone as the target database or service.
    Type: "List<AWS::EC2::AvailabilityZone::Name>"
  RemoteAccessCIDR:
    AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2]))$"
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x
    Description: CIDR address from which you will connect to the bastion host.
    Type: String
  DBAccessCIDR:
    AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2]))$"
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x
    Default: 10.0.0.0/18
    Description: Private CIDR address from which you will connect to the database instance.
    Type: String
  VPCCIDR:
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
    Default: 10.0.0.0/16
    Description: CIDR block for the VPC.
    Type: String
  PublicSubnet1CIDR:
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
    Default: 10.0.128.0/20
    Description: CIDR block for public subnet 1 located in Availability Zone 1. The bastion host is deployed here.
    Type: String
  PublicSubnet2CIDR:
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
    Default: 10.0.144.0/20
    Description: CIDR block for public subnet 2 located in Availability Zone 2. The bastion host is deployed here.
    Type: String
  PrivateSubnet1CIDR:
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
    Default: 10.0.0.0/19
    Description: CIDR block for private subnet 1 located in Availability Zone 1. The HVR hub, agent, and Aurora/PostgreSQL database are deployed here.
    Type: String
  PrivateSubnet2CIDR:
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
    Default: 10.0.32.0/19
    Description: CIDR block for private subnet 2 located in Availability Zone 2. The HVR hub, agent, and Aurora/PostgreSQL database are deployed here.
    Type: String
  HVRInstanceTypeHUB:
    Description: EC2 instance type for the HVR hub.
    Type: String
    Default: c5.large
    # Flow sequence: every item needs a trailing comma, otherwise two
    # adjacent items fold into one scalar ("c5.2xlarge c5d.large") and
    # neither of them is accepted on its own.
    AllowedValues:
      [
        c5.large,
        c5.xlarge,
        c5.2xlarge,
        c5d.large,
        c5d.xlarge,
        c5d.2xlarge
      ]
    ConstraintDescription: Must be a valid EC2 instance type.
  HVRInstanceTypeAgent:
    Description: EC2 instance type for the HVR agent running capture/integrate.
    Type: String
    Default: c5.large
    AllowedValues:
      [
        c5.large,
        c5.xlarge,
        c5.2xlarge,
        c5d.large,
        c5d.xlarge,
        c5d.2xlarge
      ]
    ConstraintDescription: Must be a valid EC2 instance type.
  KeyName:
    Description: Name of the key pair to be used to connect to your EC2 instances by using SSH.
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription: Must be the name of an existing EC2 key pair.
  NotificationList:
    Type: String
    Default: "ops@company.com"
    Description: Email address that is used to configure an SNS topic for sending Amazon CloudWatch alarms and Amazon RDS event notifications.
    AllowedPattern: '^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$'
    ConstraintDescription: Provide a valid email address.
  EnablePGStack:
    AllowedValues:
      - "true"
      - "false"
    Default: "true"
    Description: Choose "false" if you don't want to create an Amazon Aurora/PostgreSQL RDS stack.
    Type: String
  PGInstanceClass:
    AllowedValues:
      - db.r5.large
      - db.r5.xlarge
      - db.r5.2xlarge
      - db.r5.4xlarge
    Default: db.r5.large
    Description: Aurora/PostgreSQL database instance class.
    Type: String
  TagEnvironment:
    Type: String
    AllowedValues:
      - dev
      - test
    Description: Designates the environment stage of the associated AWS resource.
    Default: "dev"
  QSS3BucketRegion:
    Default: "ap-southeast-2"
    Description: "AWS Region where the Quick Start S3 bucket (QSS3BucketName) is
      hosted. Keep the default Region unless you are customizing the template.
      Changing this Region updates code references to point to a new Quick Start location.
      When using your own bucket, specify the Region.
      See https://aws-quickstart.github.io/option1.html."
    Type: String
  QSS3BucketName:
    AllowedPattern: "^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$"
    ConstraintDescription: "The Quick Start bucket name can include numbers, lowercase
      letters, uppercase letters, and hyphens (-). It cannot start or end with a
      hyphen (-)."
    Default: "ae-quickstart-aws-hvr"
    Description: "Name of the S3 bucket for your copy of the Quick Start assets.
      Keep the default name unless you are customizing the template.
      Changing the name updates code references to point to a new Quick
      Start location. This name can include numbers, lowercase letters,
      uppercase letters, and hyphens, but must not start or end with a hyphen (-).
      See https://aws-quickstart.github.io/option1.html."
    Type: String
  QSS3KeyPrefix:
    AllowedPattern: "^[0-9a-zA-Z-/]*$"
    ConstraintDescription: "The Quick Start S3 key prefix can include numbers, lowercase letters,
      uppercase letters, hyphens (-), and forward slashes (/). The prefix should
      end with a forward slash (/)."
    Default: quickstart-hvr/
    Description: "S3 key prefix that is used to simulate a directory for your copy of the
      Quick Start assets. Keep the default prefix unless you are customizing
      the template. Changing this prefix updates code references to point to
      a new Quick Start location. This prefix can include numbers, lowercase
      letters, uppercase letters, hyphens (-), and forward slashes (/). End with
      a forward slash. See https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html
      and https://aws-quickstart.github.io/option1.html."
    Type: String
  HVRLicenseSecret:
    Description: |
      Specify the ARN of the secret (stored in AWS Secrets Manager) that holds the license key for the HVR deployment.
      If no value is specified, a temporary dummy secret is created in Secrets Manager as hvr/quickstart/{TagEnvironment}/hvrlic.
      If you require a license, leave the value as "none" and contact the HVR Software sales team.
    Type: String
    Default: "none"
######################################
## Condition definitions
######################################
Conditions:
  UsingDefaultBucket: !Equals
    - !Ref QSS3BucketName
    - "aws-quickstart"
  CreatePGStack: !Equals
    - !Ref EnablePGStack
    - "true"
  IsAcceptedEULA: !Equals
    - !Ref AcceptedEULA
    - "yes"
######################################
## Declaration of stack resources
######################################
Resources:
  ## ------------------------------------------------------------ #
  ## Create nested stack for VPC creation
  ## ------------------------------------------------------------ #
  VPCStack:
    Type: "AWS::CloudFormation::Stack"
    Properties:
      TemplateURL: !Sub
        - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-aws-vpc/templates/aws-vpc.template.yaml
        - S3Bucket: !If
            - UsingDefaultBucket
            - !Sub "aws-quickstart-${AWS::Region}"
            - !Ref "QSS3BucketName"
          S3Region: !If
            - UsingDefaultBucket
            - !Ref "AWS::Region"
            - !Ref "QSS3BucketRegion"
      Parameters:
        AvailabilityZones: !Join
          - ","
          - !Ref AvailabilityZones
        NumberOfAZs: "2"
        PrivateSubnet1ACIDR: !Ref PrivateSubnet1CIDR
        PrivateSubnet2ACIDR: !Ref PrivateSubnet2CIDR
        PublicSubnet1CIDR: !Ref PublicSubnet1CIDR
        PublicSubnet2CIDR: !Ref PublicSubnet2CIDR
        VPCCIDR: !Ref VPCCIDR
  ## ------------------------------------------------------------ #
  ## Create nested stack for Bastion host (based on HVR BYOL system)
  ## - this allows SSH and HVR GUI access
  ## ------------------------------------------------------------ #
  BastionStack:
    Condition: IsAcceptedEULA
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      TemplateURL: !Sub
        - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/hvr.bastion.template.yaml'
        - S3Bucket: !If
            - UsingDefaultBucket
            - !Sub "aws-quickstart-${AWS::Region}"
            - !Ref "QSS3BucketName"
          S3Region: !If
            - UsingDefaultBucket
            - !Ref "AWS::Region"
            - !Ref "QSS3BucketRegion"
      Parameters:
        VPCID: !GetAtt VPCStack.Outputs.VPCID
        VPCCIDR: !Ref VPCCIDR
        PublicSubnet1: !GetAtt VPCStack.Outputs.PublicSubnet1ID
        PublicSubnet2: !GetAtt VPCStack.Outputs.PublicSubnet2ID
        RemoteAccessCIDR: !Ref RemoteAccessCIDR
        KeyName: !Ref KeyName
        TagEnvironment: !Ref TagEnvironment
        HVRPubKeyBase64: !GetAtt HVRStack.Outputs.HVRPublicKey
  ## ------------------------------------------------------------ #
  ## Create nested stack for HVR Hub and Agents
  ## ------------------------------------------------------------ #
  HVRStack:
    Condition: IsAcceptedEULA
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: !Sub
        - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/hvr.workload.vpc.template.yaml
        - S3Bucket: !If
            - UsingDefaultBucket
            - !Sub "aws-quickstart-${AWS::Region}"
            - !Ref "QSS3BucketName"
          S3Region: !If
            - UsingDefaultBucket
            - !Ref "AWS::Region"
            - !Ref "QSS3BucketRegion"
      Parameters:
        AcceptedEULA: !Ref AcceptedEULA
        VPCID: !GetAtt
          - VPCStack
          - Outputs.VPCID
        VPCCIDR: !Ref VPCCIDR
        PrivateSubnet1CIDR: !GetAtt
          - VPCStack
          - Outputs.PrivateSubnet1ACIDR
        PrivateSubnet2CIDR: !GetAtt
          - VPCStack
          - Outputs.PrivateSubnet2ACIDR
        PrivateSubnet1: !GetAtt
          - VPCStack
          - Outputs.PrivateSubnet1AID
        PrivateSubnet2: !GetAtt
          - VPCStack
          - Outputs.PrivateSubnet2AID
        HVRInstanceTypeHUB: !Ref HVRInstanceTypeHUB
        HVRInstanceTypeAgent: !Ref HVRInstanceTypeAgent
        KeyName: !Ref KeyName
        TagEnvironment: !Ref TagEnvironment
        HVRLicenseSecret: !Ref HVRLicenseSecret
  ## ------------------------------------------------------------ #
  ## Create nested stack for Aurora/PostgreSQL if required
  ## ------------------------------------------------------------ #
  ## --------------------------------------------------------- #
  ## Create Aurora/PostgreSQL user password in Secrets Manager
  ## --------------------------------------------------------- #
  PGUserSecret:
    Type: "AWS::SecretsManager::Secret"
    Properties:
      Name: !Sub hvr/quickstart/${TagEnvironment}/pgUserSecret
      Description: Autogenerated Aurora/PostgreSQL hvrhub user password
      GenerateSecretString:
        SecretStringTemplate: '{"username": "hvrhub"}'
        GenerateStringKey: 'password'
        PasswordLength: 16
        ExcludeCharacters: \'"@/
      Tags:
        - Key: Name
          Value: !Sub pg-user-secret-${TagEnvironment}
        - Key: EnvironmentStage
          Value: !Sub ${TagEnvironment}
  AuroraStack:
    Condition: CreatePGStack
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: !Sub
        - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-amazon-aurora-postgresql/templates/aurora_postgres.template.yaml
        - S3Bucket: !If
            - UsingDefaultBucket
            - !Sub "aws-quickstart-${AWS::Region}"
            - !Ref "QSS3BucketName"
          S3Region: !If
            - UsingDefaultBucket
            - !Ref "AWS::Region"
            - !Ref "QSS3BucketRegion"
      Parameters:
        Subnet1ID: !GetAtt
          - VPCStack
          - Outputs.PrivateSubnet1AID
        Subnet2ID: !GetAtt
          - VPCStack
          - Outputs.PrivateSubnet2AID
        VPCID: !GetAtt
          - VPCStack
          - Outputs.VPCID
        DBName: hvrhub
        DBAutoMinorVersionUpgrade: "true"
        DBAllocatedStorageEncrypted: "true"
        DBBackupRetentionPeriod: "35"
        DBEngineVersion: "11.7"
        DBInstanceClass: !Ref PGInstanceClass
        # Dynamic references: the credentials are resolved from Secrets Manager
        # at deploy time and never appear as literals in the template.
        DBMasterUsername: !Join ['', ['{{resolve:secretsmanager:', !Ref PGUserSecret, ':SecretString:username}}' ]]
        DBMasterUserPassword: !Join ['', ['{{resolve:secretsmanager:', !Ref PGUserSecret, ':SecretString:password}}' ]]
        DBPort: 5432
        DBMultiAZ: "true"
        CustomDBSecurityGroup: ""
        EnableEventSubscription: "true"
        DBAccessCIDR: !Ref DBAccessCIDR
        NotificationList: !Ref NotificationList
        EnvironmentStage: !Ref TagEnvironment
######################################
## Define stack output values
######################################
Outputs:
  HVRBastionNLBDns:
    Condition: IsAcceptedEULA
    Description: HVR Bastion Host Access Point (Load Balancer DNS)
    Value:
      Fn::GetAtt:
        - BastionStack
        - Outputs.HVRBastionNLBDns
  HVRPort:
    Condition: IsAcceptedEULA
    Description: Port of the HVR Hub and Agents (via Load Balancers)
    Value:
      Fn::GetAtt:
        - HVRStack
        - Outputs.HVRPort
  HVRHubNLBDns:
    Condition: IsAcceptedEULA
    Description: HVR Hub Access Point (Load Balancer DNS)
    Value:
      Fn::GetAtt:
        - HVRStack
        - Outputs.HVRHubNLBDns
  HVRAgentNLBDns:
    Condition: IsAcceptedEULA
    Description: HVR Agent Access Point (Load Balancer DNS)
    Value:
      Fn::GetAtt:
        - HVRStack
        - Outputs.HVRAgentNLBDns
  RDSEndpoint:
    Description: Aurora PostgreSQL endpoint
    Condition: CreatePGStack
    Value:
      Fn::GetAtt:
        - AuroraStack
        - Outputs.RDSEndPointAddress
  RDSPort:
    Description: Aurora/PostgreSQL default port
    Condition: CreatePGStack
    Value: 5432
  RDSUser:
    Description: Aurora/PostgreSQL default HVR user
    Condition: CreatePGStack
    Value: "hvrhub"
  RDSUserSecretARN:
    Description: Aurora/PostgreSQL hvrhub user password can be found in Secrets Manager.
    Condition: CreatePGStack
    Value: !Ref PGUserSecret
  RDSDBName:
    Description: Aurora/PostgreSQL database name
    Condition: CreatePGStack
    Value: hvrhub
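The template's `AllowedPattern` regexes only check syntax. The `RemoteAccessCIDR` and `DBAccessCIDR` pattern accepts any prefix length from /0 to /32, so `0.0.0.0/0` is a valid value as far as CloudFormation is concerned, and nothing in the template checks that the subnet defaults actually sit inside the VPC or that `DBAccessCIDR` covers the private subnets where the HVR hub and agent run. The following pre-deployment review script is an added example, not part of the Quick Start or of HVR's own code. The two regexes are copied from the template's `AllowedPattern` fields and the `DEFAULTS` dictionary is built from its `Default` values; the `/24` review threshold and the function names are assumptions made here.

```python
"""Pre-deployment review of the HVR Quick Start network parameters.

Added example, not part of the Quick Start. The regexes are copied from the
template's AllowedPattern fields; DEFAULTS is constructed from its Default
values; REVIEW_MAX_PREFIX is a policy choice assumed for this example.
"""
import ipaddress
import re

OCTET = r"([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])"
# RemoteAccessCIDR / DBAccessCIDR AllowedPattern: any prefix length 0..32.
ACCESS_CIDR_PATTERN = re.compile(rf"^({OCTET}\.){{3}}{OCTET}(\/([0-9]|[1-2][0-9]|3[0-2]))$")
# VPCCIDR and subnet AllowedPattern: prefix length restricted to 16..28.
VPC_CIDR_PATTERN = re.compile(rf"^({OCTET}\.){{3}}{OCTET}(\/(1[6-9]|2[0-8]))$")

REVIEW_MAX_PREFIX = 24  # assumed policy: a bastion source wider than /24 gets a warning

# Constructed from the template's Default values.
DEFAULTS = {
    "VPCCIDR": "10.0.0.0/16",
    "PublicSubnet1CIDR": "10.0.128.0/20",
    "PublicSubnet2CIDR": "10.0.144.0/20",
    "PrivateSubnet1CIDR": "10.0.0.0/19",
    "PrivateSubnet2CIDR": "10.0.32.0/19",
    "DBAccessCIDR": "10.0.0.0/18",
}
SUBNET_PARAMS = ("PublicSubnet1CIDR", "PublicSubnet2CIDR",
                 "PrivateSubnet1CIDR", "PrivateSubnet2CIDR")


def template_accepts(pattern, value):
    """True if CloudFormation's AllowedPattern would accept this parameter value."""
    return pattern.match(value) is not None


def review_remote_access_cidr(value):
    """Return (verdict, reason) for a RemoteAccessCIDR candidate.

    Goes one step beyond the template: its regex accepts every prefix length,
    so without this check 0.0.0.0/0 would pass validation and the bastion's
    SSH/GUI security group would admit any source address.
    """
    if not template_accepts(ACCESS_CIDR_PATTERN, value):
        return ("reject", "does not match the template's AllowedPattern")
    net = ipaddress.ip_network(value, strict=False)
    if net.prefixlen == 0:
        return ("reject", "0.0.0.0/0 exposes the bastion to every source address")
    if net.prefixlen < REVIEW_MAX_PREFIX:
        return ("warn", f"/{net.prefixlen} is wider than the /{REVIEW_MAX_PREFIX} review threshold")
    return ("accept", f"{net} is a narrow source range")


def check_layout(params):
    """Return a list of layout problems (empty list means the layout is consistent)."""
    problems = []
    for name in ("VPCCIDR",) + SUBNET_PARAMS:
        if not template_accepts(VPC_CIDR_PATTERN, params[name]):
            problems.append(f"{name} {params[name]} fails the template's /16-/28 pattern")
    if problems:
        return problems  # CloudFormation would already reject these values
    vpc = ipaddress.ip_network(params["VPCCIDR"], strict=False)
    nets = {name: ipaddress.ip_network(params[name], strict=False) for name in SUBNET_PARAMS}
    # Every subnet must sit inside the VPC block.
    for name, net in nets.items():
        if not net.subnet_of(vpc):
            problems.append(f"{name} {net} lies outside VPCCIDR {vpc}")
    # Subnets must not overlap each other.
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    # DBAccessCIDR feeds the database security group: it must not be wide open,
    # and it must cover the private subnets where the HVR hub and agent run.
    db = ipaddress.ip_network(params["DBAccessCIDR"], strict=False)
    if db.prefixlen == 0:
        problems.append("DBAccessCIDR 0.0.0.0/0 would admit any source to the database")
    for name in ("PrivateSubnet1CIDR", "PrivateSubnet2CIDR"):
        if not nets[name].subnet_of(db):
            problems.append(f"DBAccessCIDR {db} does not cover {name} {nets[name]}")
    return problems


if __name__ == "__main__":
    for candidate in ("0.0.0.0/0", "10.0.0.0/8", "203.0.113.10/32"):
        print(candidate, review_remote_access_cidr(candidate))
    print("default layout problems:", check_layout(DEFAULTS))
```

Run it against the parameter values you intend to pass to the stack before `create-stack`; with the template defaults `check_layout` returns an empty list, and swapping `DBAccessCIDR` for a block that misses one private subnet surfaces the reachability problem before the Aurora stack is built.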